UNIFICATION OF TECHNOLOGIES
(Diagram: Unified SIEM at the centre, surrounded by the functions and technologies it unifies)
Management: SIEM Management, Incident Management, Risk Intelligence, Storage, Detection, Prevention, Awareness
Security Technology: IDS/IPS, WIDS, Vulnerability Assessment, Identity, Inventory, HIDS, File Integrity, Threat Assessment, Resources
HOW IT WORKS: 3 INTERACTIVE COMPONENTS
(Diagram labels: Monitoring & Management, Intelligent Correlation, Security Dashboard, Security Information, Transaction Data)
1. SIEM
2. Logger
3. Sensor
WHY UNIFIED SIEM?
- Intelligence
- Compliance
- Time
- Cost
1. INTELLIGENCE
Security intelligence comes from context information processing. Context sources:
1. Attacks & Logs
2. Vulnerabilities & Threats
3. Inventory
4. Users
5. Network & Resources
6. Applications & Data
7. External Reputation
1. INTELLIGENCE
SIEM products have achieved great intelligence, but they are rarely fed with the information needed to use it.
(Diagram: attack data combined with vulnerability/threat and inventory context feeds prioritization, false-positive cleaning and effective impact analysis; figure values 30%, 50%, 100%, 20%)
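The context processing the two slides above describe can be shown concretely. The following is an added example, not CloudAccess code and not part of the deck: an IDS event is scored against the inventory (what the target host is and exposes), the vulnerability assessment (whether the exploited flaw is actually present) and an external reputation list, so that signatures that cannot apply to the target are dropped as false positives and the remainder are ranked by impact. All hosts, signatures, vulnerability ids and reputation entries are constructed placeholders.

```python
"""Context-driven alert prioritisation (added illustration; sample data is constructed)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Asset:
    """One inventory record, as a vulnerability scanner and discovery would populate it."""
    ip: str
    os_family: str                                  # e.g. "windows", "linux"
    criticality: int                                # 1 (lab box) .. 5 (crown jewels)
    open_services: Set[str] = field(default_factory=set)   # services exposed on the host
    vulns: Set[str] = field(default_factory=set)           # flaw ids from the last scan


@dataclass
class Alert:
    """One IDS event with the signature metadata needed for context matching."""
    src_ip: str
    dst_ip: str
    signature: str
    target_os: Optional[str]        # OS family the signature applies to, if any
    target_service: Optional[str]   # service the signature targets, if any
    exploits: Optional[str]         # flaw id the signature exploits, if known


def prioritise(alert: Alert, inventory: Dict[str, Asset],
               bad_reputation: Set[str]) -> Tuple[int, str]:
    """Return (priority 0..100, reason). 0 means 'clean as a false positive'."""
    asset = inventory.get(alert.dst_ip)
    if asset is None:
        # Unknown host: cannot be cleaned or impact-scored; keep a baseline
        # so the inventory gap itself gets followed up.
        return 30, "target not in inventory"
    # False-positive cleaning: the signature cannot apply to this target.
    if alert.target_os and alert.target_os != asset.os_family:
        return 0, f"signature is for {alert.target_os}, target runs {asset.os_family}"
    if alert.target_service and alert.target_service not in asset.open_services:
        return 0, f"{alert.target_service} not exposed on target"
    # Impact analysis: start from asset value, adjust by vulnerability state.
    score = 20 * asset.criticality
    reasons = [f"asset criticality {asset.criticality}"]
    if alert.exploits:
        if alert.exploits in asset.vulns:
            reasons.append("target is vulnerable to the exploited flaw")
        else:
            score //= 2
            reasons.append("flaw not present per last scan")
    # External reputation nudges the score up but never on its own.
    if alert.src_ip in bad_reputation:
        score = min(100, score + 10)
        reasons.append("source on reputation list")
    return score, "; ".join(reasons)


# Constructed sample context (placeholder addresses and flaw ids).
INVENTORY: Dict[str, Asset] = {
    "10.0.0.5": Asset("10.0.0.5", "linux", 4, {"http", "ssh"}, {"web-rce-001"}),
    "10.0.0.9": Asset("10.0.0.9", "windows", 2, {"smb"}, set()),
}
BAD_REPUTATION: Set[str] = {"203.0.113.7"}
ALERTS: List[Alert] = [
    Alert("203.0.113.7", "10.0.0.5", "SMB exploit attempt", "windows", "smb", "smb-rce-002"),
    Alert("203.0.113.7", "10.0.0.5", "Web RCE attempt", None, "http", "web-rce-001"),
    Alert("198.51.100.3", "10.0.0.9", "SMB exploit attempt", "windows", "smb", "smb-rce-002"),
    Alert("198.51.100.3", "10.0.0.77", "Port scan", None, None, None),
]


def run_sample() -> List[Tuple[str, str, int]]:
    """Score the constructed alerts; returns (signature, target, priority) per alert."""
    return [(a.signature, a.dst_ip, prioritise(a, INVENTORY, BAD_REPUTATION)[0]) for a in ALERTS]


if __name__ == "__main__":
    for alert in ALERTS:
        priority, why = prioritise(alert, INVENTORY, BAD_REPUTATION)
        print(f"{priority:3d}  {alert.signature:22s} -> {alert.dst_ip:12s} ({why})")
```

Run as a script it prints one line per alert: the Windows SMB signature against the Linux host is cleaned to 0, the web exploit against the scanner-confirmed vulnerable, high-value host from a known-bad source ranks highest, and the alert against an unknown host is kept at a baseline so the inventory gap is noticed.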
2. COMPLIANCE
All security technologies required by compliance regulations (SOX, ISO, PCI, FISMA, HIPAA):
- SIEM: SOX 304 & PCI 10.5 secure audit trails
- Incident Management: PCI 12.9 respond immediately to breach
- Vulnerability Assessment: PCI 11.2 quarterly vulnerability scans; FISMA, HIPAA, ISO 12.6 periodic security testing
- IDS/IPS: PCI 11.4 requires NIDS/IPS deployment
- Inventory: PCI 1.1.5, PCI WG, ISO 7.1.1 require asset inventory
- WIDS: PCI 11.1 WIDS and Rogue AP detection
- HIDS: PCI 11.4 requires HIDS
- File Integrity: PCI 11.5 file integrity
- Threat Assessment: PCI 6.2 identify new threats
- Resources: ISO 10.10 requires monitoring system resources
(Diagram also lists: Risk Intelligence, Storage, Detection, Prevention, Awareness, Identity)
2. TIME
Effective security posture and analysis delivered in 300 seconds:
- Attacks: second 1
- Inventory: second 100
- Threats: second 300
3. COST
Experience dramatic reduction (up to 90% cost reduction):
1. Unified Licenses & Hardware
2. Integration Services
3. Maintenance & Support
COMPETITIVE POSITIONING: Why CloudAccess Matters (Differentiation)
- Unified SIEM vs. Pure SIEM
- The sensor advantage
- Low barrier to entry
- Hybrid architecture
WHY CLOUD ACCESS MATTERS
- 24/7 monitoring on request
- Multi-tenant
- OPEX or CAPEX supported
- Unique pattern recognition engine (REACT)
- Integrated suite of products including SIEM/Log, IAM and REACT
- Lower cost
- Immediate go-to-market strategy
- Leading and unique technologies
- EASY TO USE!!!
CLOUD ACCESS VERSUS PURE SIEM
(Diagram: the same technology map as the unification slide)
SIEM Management, Incident Management, Risk Intelligence, Storage, Detection, Prevention, Awareness
Security Context: IDS/IPS, WIDS, Vulnerability Assessment, Identity, Inventory, HIDS, File Integrity, Threat Assessment, Resources
THE SENSOR ADVANTAGE
- Fast: customer security posture from the first second
- Stealthy: will not break the customer's network
- Complete: provides all security services in a single box
- Out-of-the-box full security visibility
LOW BARRIER TO ENTRY: with elastic scaling in performance and complexity
- SaaS
- Web Services
- Elastic performance scaling
- Multi-tier hybrid architecture (Cloud / Customer Premises)
HYBRID ARCHITECTURE
Function                   Deploy Level
1. Analysis                Cloud
2. Storage                 Cloud / CP
3. Vulnerability Mgmt
   A. External             Cloud
   B. Internal             CP
4. Detection & Awareness   CP
(CP = Customer Premises)
CLOUD ACCESS FLEXIBLE ARCHITECTURE
- Customer 1 has no on-site gear and sends logs to CloudAccess Collection
- Customer 2 is using the Managed IDS service: CloudAccess Sensor on customer premises (Detection & Awareness)
- Customer 3 is using Local Vulnerability Scanning: CloudAccess Sensor on customer premises (tiered 2nd-level local vulnerability scan)
- Customer 4 has the complete CloudAccess solution on premises, managed by CloudAccess
INTRODUCING CloudAccess Unified SIEM Version 4
UNIFIED SITUATIONAL AWARENESS: AUTO DISCOVERY
Function                 Technology
Identity Monitoring      Active Directory, LDAP, authentication logs
Network Auto-Discovery   Topology map
Inventory Profiling      Recurrent SNMP scans, passive fingerprinting, active fingerprinting, host agent, WMI, time/service/usage profiling
Resource Monitoring and  Network availability, host resources, anomaly detection, flows, SNMP, any resource
Network Monitoring
OUT-OF-THE-BOX PCI WIRELESS COMPLIANCE
PCI Requirement                                              Solution
11.1 Deploy a WIDS/WIPS                                      CloudAccess Sensor includes a WIDS/WIPS
WG   Maintain an up-to-date wireless hardware inventory      Automatically done by Situational Awareness
WG   Detect rogue AP and unauthorized wireless connections   Correlate information between WIDS and Inventory
4.1.1 Ensure strong cryptography; WEP is prohibited          Monitored by WIDS by default
OTHER FEATURES & ENHANCEMENTS
Enhancements in all areas of function:
- Policy Management
- Visualization
- Compliance Reporting
- Detection/analytics
- Integration
- Incident Response
- Host Security
- Vulnerability Assessment
- Asset Management
- Network Monitoring
- User Management
- Network Discovery
- Dashboards
- Usability
- Performance
UNIFIED MANAGEMENT
- 1 unique login
- 1 unique asset structure
- 1 unique user structure
SIEM: A SINGLE PANE OF GLASS
LOG MANAGEMENT
UNIFIED VULNERABILITY SCANNER
NETWORK IDS
HOST IDS
UNIFIED SITUATIONAL AWARENESS
UNIFIED REPORTING
SUMMARY
- CloudAccess Unified SIEM 4.0 changes the game for SIEM customers.
- CloudAccess Unified SIEM 4.0 is a unique offering in the market.
- Compliance, time and cost advantages make CloudAccess Unified SIEM 4.0 the most competitive solution.
- CloudAccess enables broad enterprise adoption.
Thank You
www.cloudaccess.com | 877 550 2568 | info@cloudaccess.com